<?php
function isUserAuth()
{
	//echo "admin_session:". $_SESSION['login_user_id']. "<br>";

	if($_SESSION['login_admin'])
	{
		if(!$_SESSION['login_user_id'] > 0){
			header("location: index.php");
			//echo "user_id is not greater then 0";
			exit;
		}
	}else{
		header("location: index.php");
		//echo "admin session is not set";
		exit;
	}
}

class Users
{
	const DBTable = "tbl_users";

	public $User_id;
	public $Firstname;
	public $Lastname;
	public $Email;
	public $Password;
	public $Permission_id;
	public $Permission_id_array = array(
		0 => array(0 => 1, 1 => "Admin"),
		1 => array(0 => 2, 1 => "General User"),
		2 => array(0 => 3, 1 => "Moderator"),
		3 => array(0 => 4, 1 => "Editor")
		);
	public $Last_login;
	private $__Createdate;
	private $__Updatedate;
	public $Deleted;
	public $Company;
	private $__mysql;

	public function __construct()
	{
		$this->User_id = 0;
		$this->Firstname = null;
		$this->Lastname = null;
		$this->Email = null;
		$this->Password = null;
		$this->Permission_id = 0;
		$this->__Createdate = date("Y-m-d H:i:s");
		$this->__Updatedate = date("Y-m-d H:i:s");
		$this->Deleted = 0;
		$this->Company = null;
		$this->__mysql = new MYSQL;
	}

	public function Save()
	{
		$sqlStr = "insert into ".self::DBTable."
				(firstname, lastname, email, password, permission_id, createdate, updatedate, company)
				values
				(
				'".mysql_real_escape_string($this->Firstname)."', 
				'".mysql_real_escape_string($this->Lastname)."',
				'".mysql_real_escape_string($this->Email)."',
				'".mysql_real_escape_string($this->Password)."',
				'".$this->Permission_id."',
				'".$this->__Createdate."',
				'".$this->__Updatedate."',
				'".mysql_real_escape_string($this->Company)."'
				)";
			$this->__mysql->Exec_query($sqlStr);
			return $this->__mysql->Get_insert_id();
	}

	public function Update()
	{
		$sqlStr = "update ".self::DBTable." set
			firstname = '".mysql_real_escape_string($this->Firstname)."', 
			lastname = '".mysql_real_escape_string($this->Lastname)."', 
			email = '".mysql_real_escape_string($this->Email)."', 
			permission_id = '".$this->Permission_id."', 
			updatedate = '".$this->__Updatedate."', 
			company = '".$this->Company."'
			where user_id = '".mysql_real_escape_string($this->User_id)."'";
			$this->__mysql->Exec_query($sqlStr);
			
			if($this->Password != "")
			{
				$this->Quick_update("password", $this->Password);
			}
	}

	public function Quick_update($column = null, $value = null)
	{
		$sqlStr = "update ".self::DBTable." set
			".$column." = '".mysql_real_escape_string($value)."',
			 updatedate = '".$this->Updatedate."' 
			where 
			user_id = '". $this->User_id."'";
			$this->__mysql->Exec_query($sqlStr);
	}

	public function List_all()
	{
		$sqlStr = "select u.*, p.title as permission_title
			from ".self::DBTable." u
			inner join tbl_users_permissions p on u.permission_id = p.permission_id
			where deleted = 0
			order by u.firstname asc, u.lastname asc";
		//echo $sqlStr;
		$recordset = $this->__mysql->Exec_query($sqlStr);
		return $data_array = $this->__mysql->Get_data_array($recordset);
	}

	public function List_all_selectlist()
	{
		$sqlStr = "select user_id, concat_ws(' ', firstname, lastname) as fullname
			from ".self::DBTable." 
			where deleted = 0
			order by firstname asc, lastname asc";

		//echo $sqlStr;
		$recordset = $this->__mysql->Exec_query($sqlStr);
		return $data_array = $this->__mysql->Get_data_array($recordset);
	}

	public function Delete($user_id = 0)
	{
		$sqlStr = "update ".self::DBTable." set deleted = 1 where user_id = '".mysql_real_escape_string($user_id)."'";
			$this->__mysql->Exec_query($sqlStr);

		$sqlStr = "optimize table ".self::DBTable."";
			$this->__mysql->Exec_query($sqlStr);
	}

	public function Select($user_id = 0)
	{
		$sqlStr = "select * from ".self::DBTable." where user_id = '".mysql_real_escape_string($user_id)."'";
		$recordset = $this->__mysql->Exec_query($sqlStr);

		if($this->__mysql->Get_num_rows($recordset) > 0)
		{
			$result = $this->__mysql->Get_data_assoc($recordset);
			$this->User_id = $result['user_id'];
			$this->Firstname = $result['firstname'];
			$this->Lastname = $result['lastname'];
			$this->Email = $result['email'];
			$this->Password = $result['password'];
			$this->Permission_id = $result['permission_id'];
			$this->Last_login = $result['last_login'];
			$this->Createdate = $result['createdate'];
			$this->Updatedate = $result['updatedate'];
			$this->Deleted = $result['deleted'];
			$this->Company = $result['company'];
			return true;
		}
		else
		{
			return false;
		}
	}

	public function Select_by($fieldname = null, $value = null)
	{
		if(!is_null($fieldname))
		{
			$sqlStr = "select * from ".self::DBTable." where ".$fieldname." = '".mysql_real_escape_string($value)."'";
			$recordset = $this->__mysql->Exec_query($sqlStr);

			if($this->__mysql->Get_num_rows($recordset) > 0)
			{
				$result = $this->__mysql->Get_data_assoc($recordset);
				$this->User_id = $result['user_id'];
				$this->Firstname = $result['firstname'];
				$this->Lastname = $result['lastname'];
				$this->Email = $result['email'];
				$this->Password = $result['password'];
				$this->Permission_id = $result['permission_id'];
				$this->Last_login = $result['last_login'];
				$this->Createdate = $result['createdate'];
				$this->Updatedate = $result['updatedate'];
				$this->Deleted = $result['deleted'];
				$this->Company = $result['company'];
				return true;
			}
			else
			{
				return false;
			}
		}
	}

	public function Auth_user()
	{
		$sqlStr = "select * from ".self::DBTable." 
			where 
			email = '". mysql_real_escape_string($this->Email) . "' and 
			password = '". mysql_real_escape_string($this->Password) ."'";
		//echo $sqlStr;
		$recordset = $this->__mysql->Exec_query($sqlStr);
		if($this->__mysql->Get_num_rows($recordset) > 0)
		{
			$result = $this->__mysql->Get_data_assoc($recordset);
			$this->User_id = $result['user_id'];
			$this->Firstname = $result['firstname'];
			$this->Lastname = $result['lastname'];
			$this->Email = $result['email'];
			$this->Password = $result['password'];
			$this->Permission_id = $result['permission_id'];
			$this->Last_login = $result['last_login'];
			$this->Createdate = $result['createdate'];
			$this->Updatedate = $result['updatedate'];
			$this->Deleted = $result['deleted'];
			$this->Company = $result['company'];

			//update the last login date
			$this->Last_login = date("Y-m-d H:i:s");
			$this->__Update_lastlogin();

			return true;
		}
		else
		{
			return false;
		}
	}

	private function __Update_lastlogin()
	{
		$sqlStr = "update ".self::DBTable." set last_login = '".$this->Last_login."' where user_id = ".mysql_real_escape_string($this->User_id)."";
		$this->__mysql->Exec_query($sqlStr);
	}
}
?>